Secret Network resolves network vulnerability following white hat disclosure

2 years ago

Researchers were able to decrypt all of Secret's internal transactions using an exploit.

On Nov. 30, Guy Zyskind, CEO of privacy smart contract blockchain Secret Network, said that developers had patched a privacy-related vulnerability and users' funds remain secure. In a document dated Nov. 29, Secret Network wrote that users or developers required no action and that all active nodes were upgraded to close the exploit on Nov. 2.

2/ You can read the post for the main details, but the important part is that the vulnerability was mitigated and unlikely to have been exploited. Most importantly, funds were never at risk, because Secret intentionally does not rely on SGX for correctness – only privacy.

— Guy Zyskind (@GuyZys) November 29, 2022

The series of events, unveiled late yesterday by the Secret Network developers, began when a group of white-hat computer science researchers contacted the Secret team on Oct. 3 regarding a recently disclosed xAPIC (Advanced Programmable Interrupt Controller) architectural bug. The exploit allowed uninitialized memory reads in certain Software Guard Extension-enabled (SGX) Intel CPUs. Secret Network leverages SGX technology to provide confidential execution of smart contracts.

As stated in their paper, researchers first registered a server as a validator node on the Secret Network, even though they did not have enough funds to be trusted to actively validate transactions. The registration process then stored a copy of Secret's global consensus seed inside its SGX enclave. Next, through the aforementioned CPU glitch, researchers extracted the consensus seed of its Secret Node and its private Intel Enhanced Privacy ID key. Finally, with these items, they were able to break Secret's privacy-preserving features and decrypt the internal state of all smart contracts on the network, as well as the digital assets embedded in them.

Secret developers verified the exploit on Oct. 4 and devised a plan to patch the vulnerability together with researchers and Intel staff. First, nodes were forcefully ejected from the network, and their secret keys deleted. After that, nodes could only rejoin the network if they patched all known vulnerabilities, which was completed on Nov. 2. "With this upgrade, it is now infeasible to mount xAPIC attacks against the Secret Network mainnet," wrote the Secret Network team.

In addition, new nodes joining the network will be limited to server-class hardware only, so as to limit the attack surface that consumer-class hardware presents. Founded in 2015, Secret Network currently has a market cap of $131 million through its native token SCRT. The firm partnered with director Quentin Tarantino to launch Secret NFTs last November.
